US9741186B1 - Providing wireless access to a secure lock based on various security data - Google Patents

Providing wireless access to a secure lock based on various security data Download PDF

Info

Publication number
US9741186B1
US9741186B1 US15/254,534 US201615254534A US9741186B1 US 9741186 B1 US9741186 B1 US 9741186B1 US 201615254534 A US201615254534 A US 201615254534A US 9741186 B1 US9741186 B1 US 9741186B1
Authority
US
United States
Prior art keywords
access
server
guest device
address location
security question
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US15/254,534
Inventor
William A. LEMKE
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Airbnb Inc
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US15/254,534 priority Critical patent/US9741186B1/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LEMKE, WILLIAM A.
Application granted granted Critical
Publication of US9741186B1 publication Critical patent/US9741186B1/en
Assigned to Airbnb, Inc. reassignment Airbnb, Inc. ASSIGNMENT OF ASSIGNOR'S INTEREST Assignors: INTERNATIONAL BUSINESS MACHINES CORPORATION
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • G07C9/00023
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/215Individual registration on entry or exit involving the use of a pass the system having a variable access-code, e.g. varied as a function of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B47/00Operating or controlling locks or other fastening devices by electric or magnetic means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00388Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/08With time considerations, e.g. temporary activation, valid time window or time limitations
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/60Indexing scheme relating to groups G07C9/00174 - G07C9/00944
    • G07C2209/63Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • This application relates to providing temporary access to a secure environment and more particularly to providing remote access from a first device to a second device based on specified security information.
  • Security is being managed remotely through communication protocols which transmit commands from devices to other devices, such as lights, doors, security cameras, appliances, etc.
  • remote access to a door lock is being utilized to permit certain visitors with access to a location/premise.
  • these remote access examples only provide limited security and are not customizable to a particular owner of the location/premises.
  • An example embodiment provides a method that includes at least one of accessing a security application and a security setup procedure, transmitting an address location to setup a temporary access, transmitting a security question required to be answered prior to access being granted, transmitting a time window for the temporary access to be enacted, encrypting an access credential comprising the address location, the security question and the time window, and transmitting the access credential to a guest device.
  • Another example embodiment includes a method that includes receiving an address location at a server to setup a temporary access, receiving a security question at the server required to be answered prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the security question and the time window, and transmitting from the server the encrypted access credential to a guest device.
  • Also another example embodiment may include an apparatus that includes a receiver configured to receive an address location to setup a temporary access, receive a security question required to be answered prior to the temporary access being granted, and receive a time window for the temporary access to be granted.
  • the apparatus also includes a processor configured to encrypt an access credential comprising the address location, the security question and the time window, and a transmitter configured to transmit the encrypted access credential to a guest device.
  • Still another example embodiment includes a non-transitory computer readable storage medium configured to store instructions that when executed cause a processor to perform at least one of receiving an address location at a server to setup a temporary access, receiving a security question at the server required to be answered prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the security question and the time window, and transmitting from the server the encrypted access credential to a guest device.
  • FIG. 1 illustrates an example communication network and a temporary access assignment according to an example embodiment.
  • FIG. 2A illustrates a system signaling diagram of various processes and communication operations during an access assignment and access attempt according to an example embodiment.
  • FIG. 2B illustrates a system signaling diagram of various processes and communication operations during an access assignment and access attempt according to an example embodiment.
  • FIG. 2C illustrates a system signaling diagram of various processes and communication operations during an access assignment and access attempt according to an example embodiment.
  • FIG. 2D illustrates an example flow diagram of a method of operation according to example embodiments.
  • FIG. 3 illustrates a user interface of a guest mobile device during an access attempt according to example embodiments.
  • FIG. 4 illustrates a computer readable medium and non-transitory computer processing platform for performing procedures according to example embodiments of the present application.
  • FIGS. 5A-5D illustrate yet another example flow diagram according to an example embodiment of the present application.
  • FIG. 6 illustrates a further example flow diagram according to an example embodiment of the present application.
  • messages may have been used in the description of embodiments, the application may be applied to many types of network data, such as, packet, frame, datagram, etc.
  • the term “message” also includes packet, frame, datagram, and any equivalents thereof.
  • certain types of messages and signaling may be depicted in exemplary embodiments they are not limited to a certain type of message, and the application is not limited to a certain type of signaling.
  • FIG. 1 illustrates an example communication network and an access assignment according to an example embodiment.
  • the network 100 includes an owner device 110 which manages the access settings for the lock, a server 120 which hosts the security application and provides a log of registered users, command encryption and other features, and a guest device 150 which may receive access to the security premises based on the access permitted by the owner device 110 .
  • a network 130 provides a communication medium for the devices to communicate and may be part of the Internet, cloud or other known network comprising one or more computers, servers, etc.
  • At least one of managing the access settings for the lock, hosting the security application, and providing a log of registered users, command encryption and other features can be performed by one or more of the owner device 110 , the server 120 , the network 130 , the guest device 150 , and the wireless lock 160 .
  • the owner device 110 may offer a temporary access schedule to one more guest devices 150 .
  • a time window for permitting access may be designated along with one or more of a security question and answer, a specific encryption key, a location tracking procedure, etc.
  • the owner device 110 may set up such criteria and transmit a temporary access instance to the server 120 .
  • the entire set of data, or a portion of that data, may be deemed an access package 142 which is further processed by the application server 120 prior to offering access to the guest device 150 .
  • Credentials 144 may be offered to the guest device 150 .
  • the guest device 150 may be used to wirelessly access 146 the wireless lock 160 and thereby unlock an object such as a door.
  • the secure environment may be a space that is locked by a door or by some other locking mechanism that secures a space, device, appliance, equipment, or item of property.
  • various items may be secured by a lock and may need to be unlocked to provide temporary access such as bicycles, vehicles or other transports, luggage carriers (for example in airports or train stations), as well as appliances or equipment.
  • the access signal 146 may be sent to the door wirelessly in any manner such as a near field communication message, a BLUETOOTH message, a WiFi message, a cellular message, etc.
  • the access signal 146 may be sent to the server 120 which communicates with the wireless lock 160 over a device at a residence, office, or other building, such as a WiFi/Internet router.
  • the access information necessary to open the door may be sent and processed into a command that enables the wireless lock to unlock and permit access to a structure. This access information and/or command may expire after a certain amount of time or after a certain action is taken (for example, after the lock is unlocked one or more times).
  • One example method of operation may include providing a near field access control interface to prevent opening of a lock controlling access to a property until conditions determined by the access control interface, or other communicably coupled device and/or software program, are satisfied.
  • the interface may include a time/date for the access, a challenge response question, and an identification (which may include a serial number, international mobile equipment identity (IMEI) of a mobile device, a pre-shared key, and/or an encryption algorithm).
  • IMEI international mobile equipment identity
  • the challenge response Responsive to detecting the mobile device with the identification at the time/date in the vicinity of the lock, the challenge response may also be requested by the mobile device, and responsive to receiving a correct answer to the challenge response, the lock may be opened.
  • the access control interface may require the authorized mobile device in the vicinity of the lock as monitored by GPS or other location determination procedures.
  • the security functions may include a time of day based access, denoted as ‘T’, a challenge response denoted as ‘R’, a serial number of the guest device denoted as SN′, and a pre-shared key, denoted as ‘K’.
  • the key encryption method used to encrypt one or more of the security functions may be any standard encryption method.
  • the property owner or occupant may have a BLUETOOTH, Wi-Fi, NFC, cellular, etc., based lock on an object on or in the property such as a door, gate, window, garage, attic, room, etc. which uses a mobile device and application to permit or limit access.
  • the web site/server 120 stores a master database of keys which can open the lock.
  • FIG. 2A illustrates a system signaling diagram of various processes and communication operations during an access operation according to an example embodiment.
  • the diagram 200 includes a communication cycle between the owner device 210 , the server 220 and the guest device 230 .
  • the owner device 210 logs onto the management web site hosted by the server 220 and configures a temporary access package 212 for a guest device seeking access to enter the property with a specific appointment and credentials.
  • the owner device 210 may access an application from the server 220 , or another device communicably coupled to the server or the owner device, to configure the temporary access package 212 .
  • a user of the device 210 can provide the address of the property so that GPS coordinates, or other location attributes, can be used to set the location of the property.
  • the device 210 if in or on or proximate the premises, can indicate the location via an action such as turning on a location feature on the device 210 .
  • Security questions that should be answered, or other security actions that should be properly concluded are submitted 214 along with a time window for access and a phone number (or other data such as an IP address, etc.) of the guest device 216 .
  • This information may be submitted 218 to the server 220 for processing.
  • the parameter ‘LL’ may be used for location.
  • the server 220 permits the owner device 210 to create security questions and answers and/or other security actions for a specific guest.
  • the answer to the question(s) or other security action(s) may be denoted ‘R’.
  • the server 220 permits the owner device 210 to also setup an appointment or appointment window denoted ‘T’.
  • the guest user device 230 will access his/her application and send the serial number, SN′ of the phone (or other identifier) to the server 220 .
  • a website, application, service, or program, running on the server 220 , or a website, application, service, or program running on the device 210 can send an access or credential package or message 224 to the guest's device 230 which would be running a website, application, service, or program able to receive the message, parse the message and perform an action(s) based on the message.
  • the package 224 is delivered to the guest device 230 and received by an application running on the device.
  • a display (or a speaker) on the guest device 230 provides a message that the premises may be accessed on the given date/time.
  • the device 230 is at or proximate the residence, and if the time of day ‘T’ is within the time window and the device is in the proper location ‘LL’, the challenge question is able to be answered 226 .
  • the challenge response is concatenated with the serial number or other identifier of the device 230 , as well as a decryption key ‘K’.
  • the response data 228 is sent to the server 220 where the data is stored 231 , for example in a user profile.
  • the key ‘K’ will be transmitted over a communication protocol such as Wi-Fi, BLUETOOTH, NFC, cellular, etc., from the guest device 230 (via a transmitter or transceiver, for example) to a receiver or transceiver on the, or communicably coupled to, the door lock which would unlock 232 .
  • This key may expire after a certain amount of time or after a certain action is taken (for example, after the lock is unlocked one or more times).
  • a property owner, tenant or other individual prepares an access package via their computing device which will permit a visitor computing device to access the property based on specified conditions being met.
  • the visitor retrieves an access package (which includes an encrypted key) and may proceed to enter the property.
  • the owner can provide a key to guests based on certain conditions being met and using a secure operation. Examples of the various security factors include time of day ‘T’, challenge response ‘R’, serial number of guest's phone, ‘SN’, pre-shared key, ‘K’, and key encryption methods (standard encryption routines).
  • FIG. 2B illustrates a system signaling diagram of various processes and communication operations during an access operation according to an example embodiment.
  • the example diagram 250 includes the owner device 210 logging into the management web site 252 running on the server 220 (or using an application running on the device 210 ) to access the server) where he/she may configure a temporary access package for a guest who needs to enter the property with a specific appointment.
  • the owner device 210 provides the address of the property so that GPS coordinates ‘LL’ may be determined and used to ensure the correct guest device.
  • the web site or application permits the owner to create security questions and answers ‘R’ for a specific guest device 230 .
  • the web site permits the owner to set up an appointment or appointment window ‘T’ as a necessary variable which must be fulfilled to enter the house.
  • the server 220 confirms the access package details 254 and the appointment is confirmed by the server 220 .
  • the application can then be accessed 256 by the guest device 230 which will send the serial number or other identifier, SN of the phone to the website or application running on the server 220 (or another device communicably coupled to the server or to the guest device 230 ).
  • the credentials package is delivered to the application running on the guest device 230 , and a message is sent regarding the date/window of time the premises may be accessed.
  • LL as per the GPS receiver, for example
  • the user is prompted to answer the challenge question.
  • the answer is provided, it is concatenated with the serial number of the phone. This concatenation of the serial number and the answer can be used to decrypt the access package and the lock key becomes available.
  • the key K will be transmitted over a wireless protocol 262 to the lock 240 and the door will open 264 . This key may expire after a certain amount of time or after a certain action is taken (for example, after the lock is unlocked one or more times).
  • the configuration may only permit access to the property if a specific guest device (as determined by a device identifier) or if multiple users were present for any lock to open. For instance, if a property owner wants a person to chaperone a guest.
  • a specific guest device as determined by a device identifier
  • a property owner wants a person to chaperone a guest.
  • This scenario is common with real estate agents and contractors or prospective renters or purchasers who need access to a property. In such a scenario one or more of the following would occur: both devices of both parties would pair with one or more locks in or on the property, both devices would be in the same or similar location, both devices may receive questions or other security actions and both may have a limited time window to access the door lock.
  • Some package access messages do not need to include all of these attributes: ‘T’ (time of day/week), ‘R’ (Challenge question response), SN′ (serial number of guest's phone) and ‘K’ (pre-shared key).
  • ‘T’ can be excluded because one of the devices may already have a record of the time or the ‘smart’ door lock could have a record of the time.
  • FIG. 2C illustrates a diagram of various processes and communication operations during an access operation according to an example embodiment.
  • the flow diagram 270 includes a set of operations regarding the guest user device attempting to access the wirelessly controlled door lock.
  • the procedure begins 272 with a user device arriving at the door location 274 .
  • the current time is analyzed against the authorized time for the user device to access the door 276 and if the current time is within the access time, then the process continues and a location of the guest device is obtained and compared to the location of the door for another comparison operation 278 . If the current time is not within the access time, a notification is sent to the guest device.
  • the device may be prompted with a question(s) and/or other security actions for additional security measures 282 . Assuming the correct answer is submitted and/or other security actions are successfully completed 281 then the access package 285 may be decrypted 284 with a known key. If the decryption key fails 286 , the door lock will not be unlocked and the door will not be opened 289 . However, if the decryption is successful 286 then the door be enabled by a wireless communication signal sent from the guest device to the door lock 287 (for example, via Bluetooth) and the door will open 288 .
  • a wireless communication signal sent from the guest device to the door lock 287 (for example, via Bluetooth) and the door will open 288 .
  • FIG. 2D includes an example flow diagram 290 of an example method of operation which includes accessing a security application and a security setup procedure 291 , transmitting an address location to setup a temporary access 292 , transmitting a security question required to be answered prior to access being granted 293 , transmitting a time window for the temporary access to be enacted 294 , encrypting an access credential comprising the address location, the security question and the time window 295 and transmitting the access credential to a guest device 296 so the guest device can be used to access and open the lock.
  • FIG. 3 illustrates a user interface of a guest mobile device during an access attempt according to example embodiments.
  • the guest user interface 300 includes a date for access to begin 312 , a GPS coordinate position of the premises 314 , a challenge question 316 and an answer section 318 and a button to access the premises 322 .
  • the guest may access the application and enter the property via the wireless communication protocol and the proper credentials.
  • a computer program may be embodied on a computer readable medium, such as a storage medium.
  • a computer program may reside in random access memory (“RAM”), flash memory, read-only memory (“ROM”), erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”), registers, hard disk, a removable disk, a compact disk read-only memory (“CD-ROM”), or any other form of storage medium known in the art.
  • An exemplary storage medium may be coupled to the processor such that the processor may read information from, and write information to, the storage medium.
  • the storage medium may be integral to the processor.
  • the processor and the storage medium may reside in an application specific integrated circuit (“ASIC”).
  • ASIC application specific integrated circuit
  • the processor and the storage medium may reside as discrete components.
  • FIG. 4 illustrates an example network element 400 , which may represent or be integrated in any of the above-described components, etc.
  • a memory 410 and a processor 420 may be discrete components of a network entity 400 that are used to execute an application or set of operations as described herein.
  • the application may be coded in software in a computer language understood by the processor 420 , and stored in a computer readable medium, such as, a memory 410 .
  • the computer readable medium may be a non-transitory computer readable medium that includes tangible hardware components, such as memory, that can store software.
  • a software module 430 may be another discrete entity that is part of the network entity 400 , and which contains software instructions that may be executed by the processor 420 to effectuate one or more of the functions described herein.
  • the network entity 400 may also have a transmitter and receiver pair configured to receive and transmit communication signals (not shown).
  • FIG. 5A illustrates another example flow diagram according to an example embodiment of the present application.
  • the diagram 500 includes one or more of: receiving a physical location at a server 502 , receiving a first biometric input at the server 504 , receiving a time window at the server for access to the physical location to be provided 506 , encrypting at the server an access credential comprising the physical location, the biometric input and the time window 508 , transmitting from the server the encrypted access credential to a first device and to a second device 510 , receiving a second biometric input at the server (or the second user device) 512 , determining that the first biometric input and the second biometric input are similar 514 , transmitting from the server to the first device a message indicating the first biometric input and the second biometric input are similar (or transmitting from the second user device to the first user device that the first biometric input and the second biometric input are similar) 516 , transmitting from the first device to the server a message authorizing
  • the diagram 530 includes one or more of: receiving a physical location at a server 532 , receiving a first biometric input at the server 534 , receiving a time window at the server for access to the physical location to be provided 536 , encrypting at the server an access credential comprising the physical location, the biometric input and the time window 538 , transmitting from the server the encrypted access credential to a first device and to a second device 540 , receiving a second biometric input at the server (or the second user device) 542 , determining that the first biometric input and the second biometric input are similar 544 unencrypting, by the second device, the encrypted access credential when it is determined that the first biometric input and the second biometric input are similar 546 , accessing, by the second device, the physical location via the unencrypted access credential when the second device is proximate the physical location during the time window 548 .
  • the diagram 550 includes one or more of: receiving a physical location at a server 552 , receiving a first biometric input and a security question at the server 554 , receiving a time window at the server for access to the physical location to be provided 556 , encrypting at the server an access credential comprising the physical location, the biometric input, the security question and the time window 558 , transmitting from the server the encrypted access credential to a first device and to a second device 560 , receiving a second biometric input at the server (or the second user device) 562 , determining that the first biometric input and the second biometric input are similar 564 , determining that the security question is answered correctly 566 , transmitting from the server to the first device a message indicating the first biometric input and the second biometric input are similar and the security question is answered correctly (or transmitting from the second user device to the first user device that the first biometric input and the second biometric input are similar) 568 , transmitting from the
  • the diagram 580 includes one or more of: receiving a physical location at a server 582 , receiving a first biometric input and a security question at the server 584 , receiving a time window at the server for access to the physical location to be provided 586 , encrypting at the server an access credential comprising the physical location, the biometric input, the security question and the time window 588 , transmitting from the server the encrypted access credential to a first device and to a second device 590 , receiving a second biometric input at the server (or the second user device) 592 , determining that the first biometric input and the second biometric input are similar 594 , determining that the security question is answered correctly 596 , unencrypting, by the second device, the encrypted access credential when it is determined that the first biometric input and the second biometric input are similar and the security question is answered correctly 598 , accessing, by the second device, the physical location via the unencrypted access credential when the second device is
  • FIG. 6 illustrates another example flow diagram according to an example embodiment of the present application.
  • the diagram 600 includes one or more of: receiving an address location at a server to setup a temporary access 602 , receiving a security question at the server required to be answered prior to the temporary access being granted 604 , and receiving a time window at the server for the temporary access to be granted 606 .
  • the application may include encrypting via the server an access credential comprising the address location, the security question and the time window 608 and transmitting from the server the encrypted access credential to a guest device 610 .
  • a method comprises one or more of: receiving an address location at a server to setup a temporary access, receiving a biometric input at the server required to be verified prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the biometric input and the time window, and transmitting from the server the encrypted access credential to a device of the first user and to a device of the second user.
  • a method comprises one or more of: receiving an address location at a server to setup a temporary access, receiving a biometric input and a security question at the server required to be verified prior to the temporary access being granted, wherein the biometric input is verified for a first user and the security question is verified for a second user, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the biometric input, the security question and the time window and transmitting from the server the encrypted access credential to a device of the first user and to a device of the second user.
  • the information sent between various modules can be sent between the modules via at least one of: a data network, the Internet, a voice network, an Internet Protocol network, a wireless device, a wired device and/or via plurality of protocols. Also, the messages sent or received by any of the modules may be sent or received directly and/or via one or more of the other modules.
  • a “system” could be embodied as a personal computer, a server, a console, a personal digital assistant (PDA), a cell phone, a tablet computing device, a smartphone or any other suitable computing device, or combination of devices.
  • PDA personal digital assistant
  • Presenting the above-described functions as being performed by a “system” is not intended to limit the scope of the present application in any way, but is intended to provide one example of many embodiments. Indeed, methods, systems and apparatuses disclosed herein may be implemented in localized and distributed forms consistent with computing technology.
  • modules may be implemented as a hardware circuit comprising custom very large scale integration (VLSI) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components.
  • VLSI very large scale integration
  • a module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices, graphics processing units, or the like.
  • a module may also be at least partially implemented in software for execution by various types of processors.
  • An identified unit of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions that may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
  • modules may be stored on a computer-readable medium, which may be, for instance, a hard disk drive, flash device, random access memory (RAM), tape, or any other such medium used to store data.
  • a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices.
  • operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A remote security access procedure for granting access to a wirelessly controlled lock may include one of receiving an address location at a server to setup a temporary access, receiving a security question at the server required to be answered prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting via the server an access credential comprising the address location, the security question and the time window, and transmitting from the server the encrypted access credential to a guest device.

Description

TECHNICAL FIELD
This application relates to providing temporary access to a secure environment and more particularly to providing remote access from a first device to a second device based on specified security information.
BACKGROUND
Security is being managed remotely through communication protocols which transmit commands from devices to other devices, such as lights, doors, security cameras, appliances, etc. In certain instances, remote access to a door lock is being utilized to permit certain visitors with access to a location/premise. However, these remote access examples only provide limited security and are not customizable to a particular owner of the location/premises.
SUMMARY
An example embodiment provides a method that includes at least one of accessing a security application and a security setup procedure, transmitting an address location to setup a temporary access, transmitting a security question required to be answered prior to access being granted, transmitting a time window for the temporary access to be enacted, encrypting an access credential comprising the address location, the security question and the time window, and transmitting the access credential to a guest device.
Another example embodiment includes a method that includes receiving an address location at a server to setup a temporary access, receiving a security question at the server required to be answered prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the security question and the time window, and transmitting from the server the encrypted access credential to a guest device.
Also another example embodiment may include an apparatus that includes a receiver configured to receive an address location to setup a temporary access, receive a security question required to be answered prior to the temporary access being granted, and receive a time window for the temporary access to be granted. The apparatus also includes a processor configured to encrypt an access credential comprising the address location, the security question and the time window, and a transmitter configured to transmit the encrypted access credential to a guest device.
Still another example embodiment includes a non-transitory computer readable storage medium configured to store instructions that when executed cause a processor to perform at least one of receiving an address location at a server to setup a temporary access, receiving a security question at the server required to be answered prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the security question and the time window, and transmitting from the server the encrypted access credential to a guest device.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates an example communication network and a temporary access assignment according to an example embodiment.
FIG. 2A illustrates a system signaling diagram of various processes and communication operations during an access assignment and access attempt according to an example embodiment.
FIG. 2B illustrates a system signaling diagram of various processes and communication operations during an access assignment and access attempt according to an example embodiment.
FIG. 2C illustrates a system signaling diagram of various processes and communication operations during an access assignment and access attempt according to an example embodiment.
FIG. 2D illustrates an example flow diagram of a method of operation according to example embodiments.
FIG. 3 illustrates a user interface of a guest mobile device during an access attempt according to example embodiments.
FIG. 4 illustrates a computer readable medium and non-transitory computer processing platform for performing procedures according to example embodiments of the present application.
FIGS. 5A-5D illustrate yet another example flow diagram according to an example embodiment of the present application.
FIG. 6 illustrates a further example flow diagram according to an example embodiment of the present application.
 DETAILED DESCRIPTION
It will be readily understood that the instant components, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of at least one of a method, apparatus, and system, as represented in the attached figures, is not intended to limit the scope of the application as claimed, but is merely representative of selected embodiments.
The instant features, structures, or characteristics as described throughout this specification may be combined in any suitable manner in one or more embodiments. For example, the usage of the phrases “example embodiments”, “some embodiments”, or other similar language, throughout this specification refers to the fact that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment. Thus, appearances of the phrases “example embodiments”, “in some embodiments”, “in other embodiments”, or other similar language, throughout this specification do not necessarily all refer to the same group of embodiments, and the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In addition, while the term “message” may have been used in the description of embodiments, the application may be applied to many types of network data, such as, packet, frame, datagram, etc. The term “message” also includes packet, frame, datagram, and any equivalents thereof. Furthermore, while certain types of messages and signaling may be depicted in exemplary embodiments they are not limited to a certain type of message, and the application is not limited to a certain type of signaling.
FIG. 1 illustrates an example communication network and an access assignment according to an example embodiment. Referring to FIG. 1, the network 100 includes an owner device 110 which manages the access settings for the lock, a server 120 which hosts the security application and provides a log of registered users, command encryption and other features, and a guest device 150 which may receive access to the security premises based on the access permitted by the owner device 110. A network 130 provides a communication medium for the devices to communicate and may be part of the Internet, cloud or other known network comprising one or more computers, servers, etc. In another embodiment, at least one of managing the access settings for the lock, hosting the security application, and providing a log of registered users, command encryption and other features, can be performed by one or more of the owner device 110, the server 120, the network 130, the guest device 150, and the wireless lock 160.
In operation, in one embodiment, the owner device 110 may offer a temporary access schedule to one more guest devices 150. A time window for permitting access may be designated along with one or more of a security question and answer, a specific encryption key, a location tracking procedure, etc. The owner device 110 may set up such criteria and transmit a temporary access instance to the server 120. The entire set of data, or a portion of that data, may be deemed an access package 142 which is further processed by the application server 120 prior to offering access to the guest device 150. Credentials 144 may be offered to the guest device 150. Once the guest device 150 accesses the credentials and provides any needed information (e.g., answers to security questions, passwords, a SMS message confirmation, etc.), the guest device may be used to wirelessly access 146 the wireless lock 160 and thereby unlock an object such as a door. In one embodiment, the secure environment may be a space that is locked by a door or by some other locking mechanism that secures a space, device, appliance, equipment, or item of property. For example, various items may be secured by a lock and may need to be unlocked to provide temporary access such as bicycles, vehicles or other transports, luggage carriers (for example in airports or train stations), as well as appliances or equipment.
The access signal 146 may be sent to the door wirelessly in any manner such as a near field communication message, a BLUETOOTH message, a WiFi message, a cellular message, etc. In another embodiment, the access signal 146 may be sent to the server 120 which communicates with the wireless lock 160 over a device at a residence, office, or other building, such as a WiFi/Internet router. Ultimately, the access information necessary to open the door may be sent and processed into a command that enables the wireless lock to unlock and permit access to a structure. This access information and/or command may expire after a certain amount of time or after a certain action is taken (for example, after the lock is unlocked one or more times).
One example method of operation may include providing a near field access control interface to prevent opening of a lock controlling access to a property until conditions determined by the access control interface, or other communicably coupled device and/or software program, are satisfied. The interface may include a time/date for the access, a challenge response question, and an identification (which may include a serial number, international mobile equipment identity (IMEI) of a mobile device, a pre-shared key, and/or an encryption algorithm). Responsive to detecting the mobile device with the identification at the time/date in the vicinity of the lock, the challenge response may also be requested by the mobile device, and responsive to receiving a correct answer to the challenge response, the lock may be opened. The access control interface may require the authorized mobile device in the vicinity of the lock as monitored by GPS or other location determination procedures.
The security functions may include a time of day based access, denoted as ‘T’, a challenge response denoted as ‘R’, a serial number of the guest device denoted as SN′, and a pre-shared key, denoted as ‘K’. The key encryption method used to encrypt one or more of the security functions may be any standard encryption method. In operation, the property owner or occupant may have a BLUETOOTH, Wi-Fi, NFC, cellular, etc., based lock on an object on or in the property such as a door, gate, window, garage, attic, room, etc. which uses a mobile device and application to permit or limit access. The web site/server 120 stores a master database of keys which can open the lock.
FIG. 2A illustrates a system signaling diagram of various processes and communication operations during an access operation according to an example embodiment. Referring to FIG. 2A, the diagram 200 includes a communication cycle between the owner device 210, the server 220 and the guest device 230. In operation, the owner device 210 logs onto the management web site hosted by the server 220 and configures a temporary access package 212 for a guest device seeking access to enter the property with a specific appointment and credentials. In another embodiment, the owner device 210 may access an application from the server 220, or another device communicably coupled to the server or the owner device, to configure the temporary access package 212. A user of the device 210 can provide the address of the property so that GPS coordinates, or other location attributes, can be used to set the location of the property. In another embodiment, the device 210, if in or on or proximate the premises, can indicate the location via an action such as turning on a location feature on the device 210.
Security questions that should be answered, or other security actions that should be properly concluded (such as biometric verification, voice verification, visual verification, etc.) are submitted 214 along with a time window for access and a phone number (or other data such as an IP address, etc.) of the guest device 216. This information may be submitted 218 to the server 220 for processing. The parameter ‘LL’ may be used for location. The server 220 permits the owner device 210 to create security questions and answers and/or other security actions for a specific guest. The answer to the question(s) or other security action(s) may be denoted ‘R’. The server 220 permits the owner device 210 to also setup an appointment or appointment window denoted ‘T’. The guest user device 230 will access his/her application and send the serial number, SN′ of the phone (or other identifier) to the server 220. A website, application, service, or program, running on the server 220, or a website, application, service, or program running on the device 210, can send an access or credential package or message 224 to the guest's device 230 which would be running a website, application, service, or program able to receive the message, parse the message and perform an action(s) based on the message. The package or message 224 includes encrypted data 222=Encrypt (K, R.SN), where R.SN is a string (such as a concatenated string) of the challenge response answer and the serial number or other identifier of the device 230. The package 224 is delivered to the guest device 230 and received by an application running on the device. A display (or a speaker) on the guest device 230 provides a message that the premises may be accessed on the given date/time. As a result, on the given date, the device 230 is at or proximate the residence, and if the time of day ‘T’ is within the time window and the device is in the proper location ‘LL’, the challenge question is able to be answered 226. The challenge response is concatenated with the serial number or other identifier of the device 230, as well as a decryption key ‘K’. The response data 228 is sent to the server 220 where the data is stored 231, for example in a user profile. The key ‘K’, will be transmitted over a communication protocol such as Wi-Fi, BLUETOOTH, NFC, cellular, etc., from the guest device 230 (via a transmitter or transceiver, for example) to a receiver or transceiver on the, or communicably coupled to, the door lock which would unlock 232. This key may expire after a certain amount of time or after a certain action is taken (for example, after the lock is unlocked one or more times).
According to example embodiments, a property owner, tenant or other individual prepares an access package via their computing device which will permit a visitor computing device to access the property based on specified conditions being met. The visitor retrieves an access package (which includes an encrypted key) and may proceed to enter the property. The owner can provide a key to guests based on certain conditions being met and using a secure operation. Examples of the various security factors include time of day ‘T’, challenge response ‘R’, serial number of guest's phone, ‘SN’, pre-shared key, ‘K’, and key encryption methods (standard encryption routines).
FIG. 2B illustrates a system signaling diagram of various processes and communication operations during an access operation according to an example embodiment. Referring to FIG. 2B, the example diagram 250 includes the owner device 210 logging into the management web site 252 running on the server 220 (or using an application running on the device 210) to access the server) where he/she may configure a temporary access package for a guest who needs to enter the property with a specific appointment. The owner device 210 provides the address of the property so that GPS coordinates ‘LL’ may be determined and used to ensure the correct guest device. The web site or application permits the owner to create security questions and answers ‘R’ for a specific guest device 230. The web site permits the owner to set up an appointment or appointment window ‘T’ as a necessary variable which must be fulfilled to enter the house.
The server 220 confirms the access package details 254 and the appointment is confirmed by the server 220. The application can then be accessed 256 by the guest device 230 which will send the serial number or other identifier, SN of the phone to the website or application running on the server 220 (or another device communicably coupled to the server or to the guest device 230). The server 220 sends an access package 258 to the guest's smartphone application which consists of, in one embodiment, package=Encrypt (K, R.SN), where R.SN is the concatenated string of the challenge response answer and the serial number of the smartphone. The credentials package is delivered to the application running on the guest device 230, and a message is sent regarding the date/window of time the premises may be accessed. On the given date/time, if the time of day T is within the appointment window and the phone is in the right location, LL (as per the GPS receiver, for example) the user is prompted to answer the challenge question. When the answer is provided, it is concatenated with the serial number of the phone. This concatenation of the serial number and the answer can be used to decrypt the access package and the lock key becomes available. The key K, will be transmitted over a wireless protocol 262 to the lock 240 and the door will open 264. This key may expire after a certain amount of time or after a certain action is taken (for example, after the lock is unlocked one or more times).
Optionally, the configuration may only permit access to the property if a specific guest device (as determined by a device identifier) or if multiple users were present for any lock to open. For instance, if a property owner wants a person to chaperone a guest. This scenario is common with real estate agents and contractors or prospective renters or purchasers who need access to a property. In such a scenario one or more of the following would occur: both devices of both parties would pair with one or more locks in or on the property, both devices would be in the same or similar location, both devices may receive questions or other security actions and both may have a limited time window to access the door lock. Some package access messages do not need to include all of these attributes: ‘T’ (time of day/week), ‘R’ (Challenge question response), SN′ (serial number of guest's phone) and ‘K’ (pre-shared key). For example, ‘T’ can be excluded because one of the devices may already have a record of the time or the ‘smart’ door lock could have a record of the time.
FIG. 2C illustrates a diagram of various processes and communication operations during an access operation according to an example embodiment. Referring to FIG. 2C, the flow diagram 270 includes a set of operations regarding the guest user device attempting to access the wirelessly controlled door lock. For example, the procedure begins 272 with a user device arriving at the door location 274. The current time is analyzed against the authorized time for the user device to access the door 276 and if the current time is within the access time, then the process continues and a location of the guest device is obtained and compared to the location of the door for another comparison operation 278. If the current time is not within the access time, a notification is sent to the guest device. If the guest device is within the location then the device may be prompted with a question(s) and/or other security actions for additional security measures 282. Assuming the correct answer is submitted and/or other security actions are successfully completed 281 then the access package 285 may be decrypted 284 with a known key. If the decryption key fails 286, the door lock will not be unlocked and the door will not be opened 289. However, if the decryption is successful 286 then the door be enabled by a wireless communication signal sent from the guest device to the door lock 287 (for example, via Bluetooth) and the door will open 288.
FIG. 2D includes an example flow diagram 290 of an example method of operation which includes accessing a security application and a security setup procedure 291, transmitting an address location to setup a temporary access 292, transmitting a security question required to be answered prior to access being granted 293, transmitting a time window for the temporary access to be enacted 294, encrypting an access credential comprising the address location, the security question and the time window 295 and transmitting the access credential to a guest device 296 so the guest device can be used to access and open the lock.
FIG. 3 illustrates a user interface of a guest mobile device during an access attempt according to example embodiments. Referring to FIG. 3, the guest user interface 300 includes a date for access to begin 312, a GPS coordinate position of the premises 314, a challenge question 316 and an answer section 318 and a button to access the premises 322. The guest may access the application and enter the property via the wireless communication protocol and the proper credentials.
The above embodiments may be implemented in hardware, in a computer program executed by a processor, in firmware, or in a combination of the above. A computer program may be embodied on a computer readable medium, such as a storage medium. For example, a computer program may reside in random access memory (“RAM”), flash memory, read-only memory (“ROM”), erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”), registers, hard disk, a removable disk, a compact disk read-only memory (“CD-ROM”), or any other form of storage medium known in the art.
An exemplary storage medium may be coupled to the processor such that the processor may read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (“ASIC”). In the alternative, the processor and the storage medium may reside as discrete components. For example, FIG. 4 illustrates an example network element 400, which may represent or be integrated in any of the above-described components, etc.
As illustrated in FIG. 4, a memory 410 and a processor 420 may be discrete components of a network entity 400 that are used to execute an application or set of operations as described herein. The application may be coded in software in a computer language understood by the processor 420, and stored in a computer readable medium, such as, a memory 410. The computer readable medium may be a non-transitory computer readable medium that includes tangible hardware components, such as memory, that can store software. Furthermore, a software module 430 may be another discrete entity that is part of the network entity 400, and which contains software instructions that may be executed by the processor 420 to effectuate one or more of the functions described herein. In addition to the above noted components of the network entity 400, the network entity 400 may also have a transmitter and receiver pair configured to receive and transmit communication signals (not shown).
FIG. 5A illustrates another example flow diagram according to an example embodiment of the present application. Referring to FIG. 5A, the diagram 500 includes one or more of: receiving a physical location at a server 502, receiving a first biometric input at the server 504, receiving a time window at the server for access to the physical location to be provided 506, encrypting at the server an access credential comprising the physical location, the biometric input and the time window 508, transmitting from the server the encrypted access credential to a first device and to a second device 510, receiving a second biometric input at the server (or the second user device) 512, determining that the first biometric input and the second biometric input are similar 514, transmitting from the server to the first device a message indicating the first biometric input and the second biometric input are similar (or transmitting from the second user device to the first user device that the first biometric input and the second biometric input are similar) 516, transmitting from the first device to the server a message authorizing the server to transmit a key to the second device (or transmitting the key from the first device to the second device) 518, transmitting the key to the second device 520, unencrypting, by the second device, the encrypted access credential using the key 522, accessing, by the second device, the physical location via the unencrypted access credential when the second device is proximate the physical location during the time window 524.
Referring to FIG. 5B, the diagram 530 includes one or more of: receiving a physical location at a server 532, receiving a first biometric input at the server 534, receiving a time window at the server for access to the physical location to be provided 536, encrypting at the server an access credential comprising the physical location, the biometric input and the time window 538, transmitting from the server the encrypted access credential to a first device and to a second device 540, receiving a second biometric input at the server (or the second user device) 542, determining that the first biometric input and the second biometric input are similar 544 unencrypting, by the second device, the encrypted access credential when it is determined that the first biometric input and the second biometric input are similar 546, accessing, by the second device, the physical location via the unencrypted access credential when the second device is proximate the physical location during the time window 548.
Referring to FIG. 5C, the diagram 550 includes one or more of: receiving a physical location at a server 552, receiving a first biometric input and a security question at the server 554, receiving a time window at the server for access to the physical location to be provided 556, encrypting at the server an access credential comprising the physical location, the biometric input, the security question and the time window 558, transmitting from the server the encrypted access credential to a first device and to a second device 560, receiving a second biometric input at the server (or the second user device) 562, determining that the first biometric input and the second biometric input are similar 564, determining that the security question is answered correctly 566, transmitting from the server to the first device a message indicating the first biometric input and the second biometric input are similar and the security question is answered correctly (or transmitting from the second user device to the first user device that the first biometric input and the second biometric input are similar) 568, transmitting from the first device to the server a message authorizing the server to transmit a key to the second device (or transmitting the key from the first device to the second device) 570, transmitting the key to the second device 572, unencrypting, by the second device, the encrypted access credential using the key 574, accessing, by the second device, the physical location via the unencrypted access credential when the second device is proximate the physical location during the time window 576.
Referring to FIG. 5D, the diagram 580 includes one or more of: receiving a physical location at a server 582, receiving a first biometric input and a security question at the server 584, receiving a time window at the server for access to the physical location to be provided 586, encrypting at the server an access credential comprising the physical location, the biometric input, the security question and the time window 588, transmitting from the server the encrypted access credential to a first device and to a second device 590, receiving a second biometric input at the server (or the second user device) 592, determining that the first biometric input and the second biometric input are similar 594, determining that the security question is answered correctly 596, unencrypting, by the second device, the encrypted access credential when it is determined that the first biometric input and the second biometric input are similar and the security question is answered correctly 598, accessing, by the second device, the physical location via the unencrypted access credential when the second device is proximate the physical location during the time window 599.
FIG. 6 illustrates another example flow diagram according to an example embodiment of the present application. Referring to FIG. 6, the diagram 600 includes one or more of: receiving an address location at a server to setup a temporary access 602, receiving a security question at the server required to be answered prior to the temporary access being granted 604, and receiving a time window at the server for the temporary access to be granted 606. Once all necessary information is received to establish the credential, the application may include encrypting via the server an access credential comprising the address location, the security question and the time window 608 and transmitting from the server the encrypted access credential to a guest device 610.
In other embodiments, a method comprises one or more of: receiving an address location at a server to setup a temporary access, receiving a biometric input at the server required to be verified prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the biometric input and the time window, and transmitting from the server the encrypted access credential to a device of the first user and to a device of the second user.
In further embodiments, a method comprises one or more of: receiving an address location at a server to setup a temporary access, receiving a biometric input and a security question at the server required to be verified prior to the temporary access being granted, wherein the biometric input is verified for a first user and the security question is verified for a second user, receiving a time window at the server for the temporary access to be granted, encrypting at the server an access credential comprising the address location, the biometric input, the security question and the time window and transmitting from the server the encrypted access credential to a device of the first user and to a device of the second user.
Although an exemplary embodiment of at least one of a system, method, and non-transitory computer readable medium has been illustrated in the accompanied drawings and described in the foregoing detailed description, it will be understood that the application is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications, and substitutions as set forth and defined by the following claims. For example, the capabilities of the system of the various figures can be performed by one or more of the modules or components described herein or in a distributed architecture and may include a transmitter, receiver or pair of both. For example, all or part of the functionality performed by the individual modules, may be performed by one or more of these modules. Further, the functionality described herein may be performed at various times and in relation to various events, internal or external to the modules or components. Also, the information sent between various modules can be sent between the modules via at least one of: a data network, the Internet, a voice network, an Internet Protocol network, a wireless device, a wired device and/or via plurality of protocols. Also, the messages sent or received by any of the modules may be sent or received directly and/or via one or more of the other modules.
One skilled in the art will appreciate that a “system” could be embodied as a personal computer, a server, a console, a personal digital assistant (PDA), a cell phone, a tablet computing device, a smartphone or any other suitable computing device, or combination of devices. Presenting the above-described functions as being performed by a “system” is not intended to limit the scope of the present application in any way, but is intended to provide one example of many embodiments. Indeed, methods, systems and apparatuses disclosed herein may be implemented in localized and distributed forms consistent with computing technology.
It should be noted that some of the system features described in this specification have been presented as modules, in order to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom very large scale integration (VLSI) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices, graphics processing units, or the like.
A module may also be at least partially implemented in software for execution by various types of processors. An identified unit of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions that may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module. Further, modules may be stored on a computer-readable medium, which may be, for instance, a hard disk drive, flash device, random access memory (RAM), tape, or any other such medium used to store data.
Indeed, a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
It will be readily understood that the components of the application, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the detailed description of the embodiments is not intended to limit the scope of the application as claimed, but is merely representative of selected embodiments of the application.
One having ordinary skill in the art will readily understand that the above may be practiced with steps in a different order, and/or with hardware elements in configurations that are different than those which are disclosed. Therefore, although the application has been described based upon these preferred embodiments, it would be apparent to those of skill in the art that certain modifications, variations, and alternative constructions would be apparent.
While preferred embodiments of the present application have been described, it is to be understood that the embodiments described are illustrative only and the scope of the application is to be defined solely by the appended claims when considered with a full range of equivalents and modifications (e.g., protocols, hardware devices, software platforms etc.) thereto.

Claims (20)

What is claimed is:
1. A method, comprising:
receiving an address location at a server to setup a temporary access;
receiving a security question at the server required to be answered prior to the temporary access being granted;
receiving a time window at the server for the temporary access to be granted;
encrypting at the server an access credential based on the address location, the security question and the time window; and
transmitting from the server the encrypted access credential to a guest device, wherein the encrypted access credential is based on an answer to the security question and a serial number of the guest device.
2. The method of claim 1, wherein the encrypted access credential further comprises a concatenated string of the answer to the security question and the serial number of the guest device.
3. The method of claim 1, further comprising requiring a plurality of guest devices to be present at the address location prior to granting the temporary access to the guest device to access the address location.
4. The method of claim 3, wherein granting the temporary access to the guest device to access address location comprises at least one of unlocking and locking an electronic door lock using a wireless communication protocol.
5. The method of claim 4, wherein the wireless communication protocol comprises at least one of BLUETOOTH, Wi-Fi, cellular and near field communication (NFC).
6. The method of claim 1, further comprising transmitting an encryption key to the guest device from the server responsive to the guest device transmitting a correct response to the security question.
7. The method of claim 1, wherein the address location comprises global positioning system (GPS) coordinates.
8. An apparatus, comprising:
a receiver configured to:
receive an address location to setup a temporary access;
receive a security question required to be answered prior to the temporary access being granted; and
receive a time window for the temporary access to be granted;
a processor configured to encrypt an access credential based on the address location, the security question and the time window; and
a transmitter configured to transmit the encrypted access credential to a guest device wherein the encrypted access credential is based on an answer to the security question and a serial number of the guest device.
9. The apparatus of claim 8, wherein the encrypted access credential further comprises a concatenated string of the answer to the security question and the serial number of the guest device.
10. The apparatus of claim 8, wherein the processor requires a plurality of guest devices to be present at the address location prior to the temporary access being granted to the guest device to access the address location.
11. The apparatus of claim 10, wherein the processor grants the temporary access to the guest device to access address location via access to perform at least one of unlock and lock an electronic door lock using a wireless communication protocol.
12. The apparatus of claim 11, wherein the wireless communication protocol comprises at least one of BLUETOOTH, Wi-Fi, cellular and near field communication (NFC).
13. The apparatus of claim 8, wherein the transmitter is further configured to transmit an encryption key to the guest device responsive to the guest device having transmitted a correct response to the security question.
14. The apparatus of claim 8, wherein the address location comprises global positioning system (GPS) coordinates.
15. A non-transitory computer readable storage medium configured to store instructions that when executed cause a processor to perform:
receiving an address location at a server to setup a temporary access;
receiving a security question at the server required to be answered prior to the temporary access being granted;
receiving a time window at the server for the temporary access to be granted;
encrypting via the server an access credential based on the address location, the security question and the time window; and
transmitting from the server the encrypted access credential to a guest device, wherein the encrypted access credential is based on an answer to the security question and a serial number of the guest device.
16. The non-transitory computer readable storage medium of claim 15, wherein the encrypted access credential further comprises a concatenated string of the answer to the security question and the serial number of the guest device.
17. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform requiring a plurality of guest devices to be present at the address location prior to granting temporary access to the guest device to access the address location.
18. The non-transitory computer readable storage medium of claim 17, wherein granting the temporary access to the guest device to access the address location comprises at least one of unlocking and locking an electronic door lock using a wireless communication protocol, and wherein the address location comprises global positioning system (GPS) coordinates.
19. The non-transitory computer readable storage medium of claim 18, wherein the wireless communication protocol comprises at least one of BLUETOOTH, Wi-Fi, cellular and near field communication (NFC).
20. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform transmitting an encryption key to the guest device from an application server responsive to the guest device transmitting a correct response to the security question.
US15/254,534 2016-09-01 2016-09-01 Providing wireless access to a secure lock based on various security data Active US9741186B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/254,534 US9741186B1 (en) 2016-09-01 2016-09-01 Providing wireless access to a secure lock based on various security data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/254,534 US9741186B1 (en) 2016-09-01 2016-09-01 Providing wireless access to a secure lock based on various security data

Publications (1)

Publication Number Publication Date
US9741186B1 true US9741186B1 (en) 2017-08-22

Family

ID=59581544

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/254,534 Active US9741186B1 (en) 2016-09-01 2016-09-01 Providing wireless access to a secure lock based on various security data

Country Status (1)

Country Link
US (1) US9741186B1 (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190068586A1 (en) * 2017-08-28 2019-02-28 T-Mobile Usa, Inc. Temporal identity vaulting
CN110706378A (en) * 2019-08-23 2020-01-17 珠海格力电器股份有限公司 Method, terminal, system and computer readable medium for recording door lock state
US20200026279A1 (en) * 2018-07-20 2020-01-23 Ford Global Technologies, Llc Smart neighborhood routing for autonomous vehicles
US10685516B1 (en) * 2019-03-22 2020-06-16 Eingot Llc Virtual intercom system
US10743694B2 (en) 2018-05-17 2020-08-18 Securum Capsa, Inc. Package receiving locker
US10846958B2 (en) 2019-03-22 2020-11-24 Eingot Llc Virtual intercom system
US20210264707A1 (en) * 2016-12-06 2021-08-26 Assa Abloy Ab Providing access to a lock by service consumer device
US11109705B2 (en) 2018-09-26 2021-09-07 Securum Capsa, Inc. Medication receiver
US11205313B2 (en) * 2020-04-15 2021-12-21 Tekion Corp Physical lock electronic interface tool
US20220148357A1 (en) * 2015-12-28 2022-05-12 Amazon Technologies, Inc. Remote access control
US11339589B2 (en) 2018-04-13 2022-05-24 Dormakaba Usa Inc. Electro-mechanical lock core
US11395138B2 (en) * 2016-12-06 2022-07-19 Assa Abloy Ab Providing access to a lock for a service provider
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
US20220383678A1 (en) * 2019-08-02 2022-12-01 Yunding Network Technology (Beijing) Co., Ltd. Methods and systems for controlling a smart lock
US11538298B2 (en) * 2019-08-06 2022-12-27 Yunding Network Technology (Beijing) Co., Ltd. Devices and methods for controlling smart lock
US11551495B2 (en) * 2020-04-20 2023-01-10 Toyota Jidosha Kabushiki Kaisha Information processing apparatus, authentication system, and information processing method
US11722498B1 (en) * 2016-09-23 2023-08-08 Wells Fargo Bank, N.A. Storing call session information in a telephony system
US11818180B1 (en) 2022-05-16 2023-11-14 Apple Inc. Transient setup of applications on communal devices
US11900744B2 (en) 2019-03-22 2024-02-13 Eingot Llc Virtual intercom system
US11913254B2 (en) 2017-09-08 2024-02-27 dormakaba USA, Inc. Electro-mechanical lock core
US11933076B2 (en) 2016-10-19 2024-03-19 Dormakaba Usa Inc. Electro-mechanical lock core
US12137126B2 (en) 2022-05-16 2024-11-05 Apple Inc. Transient setup of applications on communal devices

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6161005A (en) 1998-08-10 2000-12-12 Pinzon; Brian W. Door locking/unlocking system utilizing direct and network communications
US20050206519A1 (en) 2004-03-18 2005-09-22 Tsui Gallen K L Systems and methods for proximity control of a barrier
US20060199541A1 (en) 2005-03-02 2006-09-07 Eaton Corporation System, method and wireless node determining if in range or out of range of wireless communication with a server
US7725730B2 (en) * 2002-08-09 2010-05-25 Emc Corporation Cryptographic methods and apparatus for secure authentication
US8035479B2 (en) 2006-06-12 2011-10-11 Tran Bao Q Mesh network door lock
US20110314530A1 (en) * 2010-06-17 2011-12-22 Aliphcom System and method for controlling access to network services using biometric authentication
US20130237193A1 (en) 2011-03-17 2013-09-12 Unikey Technologies, Inc. Wireless access control system and related methods
US8570145B2 (en) 2009-02-09 2013-10-29 Jonson C. Au Security system, modules and method of operation thereof
US20140051355A1 (en) 2012-08-16 2014-02-20 Schlage Lock Company Llc Wireless electronic lock system and method
US8838555B2 (en) * 2002-03-16 2014-09-16 The Paradigm Alliance, Inc. Method, system, and program for an improved enterprise spatial system
US20150181014A1 (en) 2011-05-02 2015-06-25 Apigy Inc. Systems and methods for controlling a locking mechanism using a portable electronic device
US20160110530A1 (en) 2014-10-15 2016-04-21 iPulse Systems (Pty) Limited Method and a system for authenticating a user in terms of a cloud based access control system

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6161005A (en) 1998-08-10 2000-12-12 Pinzon; Brian W. Door locking/unlocking system utilizing direct and network communications
US8838555B2 (en) * 2002-03-16 2014-09-16 The Paradigm Alliance, Inc. Method, system, and program for an improved enterprise spatial system
US7725730B2 (en) * 2002-08-09 2010-05-25 Emc Corporation Cryptographic methods and apparatus for secure authentication
US20050206519A1 (en) 2004-03-18 2005-09-22 Tsui Gallen K L Systems and methods for proximity control of a barrier
US20060199541A1 (en) 2005-03-02 2006-09-07 Eaton Corporation System, method and wireless node determining if in range or out of range of wireless communication with a server
US8035479B2 (en) 2006-06-12 2011-10-11 Tran Bao Q Mesh network door lock
US8570145B2 (en) 2009-02-09 2013-10-29 Jonson C. Au Security system, modules and method of operation thereof
US20110314530A1 (en) * 2010-06-17 2011-12-22 Aliphcom System and method for controlling access to network services using biometric authentication
US20130237193A1 (en) 2011-03-17 2013-09-12 Unikey Technologies, Inc. Wireless access control system and related methods
US20150181014A1 (en) 2011-05-02 2015-06-25 Apigy Inc. Systems and methods for controlling a locking mechanism using a portable electronic device
US20140051355A1 (en) 2012-08-16 2014-02-20 Schlage Lock Company Llc Wireless electronic lock system and method
US20160110530A1 (en) 2014-10-15 2016-04-21 iPulse Systems (Pty) Limited Method and a system for authenticating a user in terms of a cloud based access control system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Robarts Stu, myPORT app unlocks doors and calls elevators for you, Dec. 5, 2014, News Atlas, http://newatlas.com/myport-building-access-app/35084. *
Woollaston Victoria, The smart lock that lets you open your front door using just your phone-and can even let in guests when you're not home, May 30, 2013, http://www.dailymail.co.uk/sciencetech/article-2333375/The-smart-lock-lets-open-door-using-just-phone-let-guests-youre-home.html. *
Woollaston Victoria, The smart lock that lets you open your front door using just your phone—and can even let in guests when you're not home, May 30, 2013, http://www.dailymail.co.uk/sciencetech/article-2333375/The-smart-lock-lets-open-door-using-just-phone—let-guests-youre-home.html. *

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12500982B2 (en) * 2015-12-28 2025-12-16 Amazon Technologies, Inc. Remote access control
US20220148357A1 (en) * 2015-12-28 2022-05-12 Amazon Technologies, Inc. Remote access control
US11722498B1 (en) * 2016-09-23 2023-08-08 Wells Fargo Bank, N.A. Storing call session information in a telephony system
US11933076B2 (en) 2016-10-19 2024-03-19 Dormakaba Usa Inc. Electro-mechanical lock core
US20210264707A1 (en) * 2016-12-06 2021-08-26 Assa Abloy Ab Providing access to a lock by service consumer device
US11395138B2 (en) * 2016-12-06 2022-07-19 Assa Abloy Ab Providing access to a lock for a service provider
US12136304B2 (en) * 2016-12-06 2024-11-05 Assa Abloy Ab Providing access to a lock by service consumer device
US20190068586A1 (en) * 2017-08-28 2019-02-28 T-Mobile Usa, Inc. Temporal identity vaulting
US10757097B2 (en) * 2017-08-28 2020-08-25 T-Mobile Usa, Inc. Temporal identity vaulting
US11913254B2 (en) 2017-09-08 2024-02-27 dormakaba USA, Inc. Electro-mechanical lock core
US12071788B2 (en) 2018-04-13 2024-08-27 Dormakaba Usa Inc. Electro-mechanical lock core
US11339589B2 (en) 2018-04-13 2022-05-24 Dormakaba Usa Inc. Electro-mechanical lock core
US12435546B2 (en) 2018-04-13 2025-10-07 Dormakaba Usa Inc. Electro-mechanical lock core
US11447980B2 (en) 2018-04-13 2022-09-20 Dormakaba Usa Inc. Puller tool
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
US12031357B2 (en) 2018-04-13 2024-07-09 Dormakaba Usa Inc. Electro-mechanical lock core
US10743694B2 (en) 2018-05-17 2020-08-18 Securum Capsa, Inc. Package receiving locker
US11399649B2 (en) 2018-05-17 2022-08-02 Securum Capsa, Inc. Package receiving locker
US20200026279A1 (en) * 2018-07-20 2020-01-23 Ford Global Technologies, Llc Smart neighborhood routing for autonomous vehicles
US11109705B2 (en) 2018-09-26 2021-09-07 Securum Capsa, Inc. Medication receiver
US10846958B2 (en) 2019-03-22 2020-11-24 Eingot Llc Virtual intercom system
US11900744B2 (en) 2019-03-22 2024-02-13 Eingot Llc Virtual intercom system
US10685516B1 (en) * 2019-03-22 2020-06-16 Eingot Llc Virtual intercom system
US11928904B2 (en) * 2019-08-02 2024-03-12 Yunding Network Technology (Beijing) Co., Ltd. Methods and systems for controlling a smart lock
US20220383678A1 (en) * 2019-08-02 2022-12-01 Yunding Network Technology (Beijing) Co., Ltd. Methods and systems for controlling a smart lock
US11823510B2 (en) * 2019-08-06 2023-11-21 Yunding Network Technology (Beijing) Co., Ltd. Devices and methods for controlling smart lock
US11538298B2 (en) * 2019-08-06 2022-12-27 Yunding Network Technology (Beijing) Co., Ltd. Devices and methods for controlling smart lock
CN110706378A (en) * 2019-08-23 2020-01-17 珠海格力电器股份有限公司 Method, terminal, system and computer readable medium for recording door lock state
CN110706378B (en) * 2019-08-23 2024-05-03 珠海格力电器股份有限公司 Method, terminal, system and computer readable medium for recording door lock state
US11520480B2 (en) 2020-04-15 2022-12-06 Tekion Corp Physical lock electronic interface tool
US11205313B2 (en) * 2020-04-15 2021-12-21 Tekion Corp Physical lock electronic interface tool
US11551495B2 (en) * 2020-04-20 2023-01-10 Toyota Jidosha Kabushiki Kaisha Information processing apparatus, authentication system, and information processing method
US12137126B2 (en) 2022-05-16 2024-11-05 Apple Inc. Transient setup of applications on communal devices
US11818180B1 (en) 2022-05-16 2023-11-14 Apple Inc. Transient setup of applications on communal devices

Similar Documents

Publication Publication Date Title
US9741186B1 (en) Providing wireless access to a secure lock based on various security data
US11438169B2 (en) Time-bound secure access
US9437063B2 (en) Methods and systems for multi-unit real estate management
US9384613B2 (en) Near field communication based key sharing techniques
US9763086B2 (en) Owner access point to control the unlocking of an entry
US8410898B1 (en) Near field communication based key sharing techniques
US20180232514A1 (en) Method and apparatus for facilitating access to a device utilizing frictionless two-factor authentication
US20180316671A1 (en) Method and apparatus for facilitating authorization of a specified task via multi-stage and multi-level authentication processes utilizing frictionless two-factor authentication
US9699656B2 (en) Systems and methods of authenticating and controlling access over customer data
CN106161423A (en) Control via the access of mobile device
EP3358534A1 (en) Delegation of access rights
US20180316670A1 (en) Method and apparatus for facilitating frictionless two-factor authentication
US20180234418A1 (en) Method and apparatus for facilitating access to publish or post utilizing frictionless two-factor authentication
US20160337353A1 (en) System and method for multi-factor authentication
US20160381552A1 (en) Handling risk events for a mobile device
US20150007280A1 (en) Wireless personnel identification solution
WO2019191427A1 (en) Method and apparatus for facilitating access to a device utilizing frictionless two-factor authentication
KR101638585B1 (en) entrance system exploiting smart phone
US20220014388A1 (en) Virtual security guard
US11895251B2 (en) Mutual authentication with pseudo random numbers
US11599872B2 (en) System and network for access control to real property using mobile identification credential
US20250184334A1 (en) Companion device authentication
US20230198981A1 (en) Systems and methods for credentials sharing
US12380195B2 (en) Using a digital badge to access managed devices
WO2019191394A1 (en) Method and apparatus for facilitating authorization of a specified task via multi-stage and multi-level authentication processes utilizing frictionless two-factor authentication

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEMKE, WILLIAM A.;REEL/FRAME:039616/0120

Effective date: 20160831

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: AIRBNB, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:056427/0193

Effective date: 20210106

Owner name: AIRBNB, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNOR'S INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:056427/0193

Effective date: 20210106

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8